Dark Reading is part of the Informa Tech Division of Informa PLC



3/26/2019
10:30 AM
Marc Wilczek
Commentary

Under Attack: Over Half of SMBs Breached Last Year

Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.

Today, every company, large or small, that does business online is prey for cybercriminals. Unfortunately, the smaller ones (with fewer than 250 employees) and midmarket firms (250 to 499 employees) are often the first to be hit. Moreover, they can serve as springboards for larger hacking campaigns. The bad guys see small/midmarket businesses as low-hanging fruit because they typically have only basic security precautions in place and lack the sort of in-house staff equipped to deal with serious IT threats.

According to Cisco's "Small and Mighty" Cybersecurity Special Report — drawing on data gathered from 1,816 respondents across 26 countries — more than half (53%) of midmarket companies suffered a security breach in 2018.

As outlined in the survey's report, respondents worry most about targeted attacks against employees (think phishing), advanced persistent threats (such as new types of malware), and distributed denial-of-service attacks (which flood a company's servers with so much traffic that they crash).

Cloud Adoption Requires Cloud-Based Defense Strategies
Because they are such attractive targets, and especially since they usually lack knowledgeable IT staff or dedicated network security personnel, smaller businesses need to be extra vigilant and find creative ways to detect and mitigate online skullduggery, perhaps even more so than their larger counterparts.

In response to these security challenges, many companies are choosing to take advantage of cloud-based security solutions that cost less than the human alternatives. The use of cloud services among smaller businesses is increasing every year. According to Cisco, 55% of these businesses said in 2014 that some of their networks were hosted in the cloud; in 2017, that rose to 70%.

Clearly, rather than doing it themselves, smaller businesses are turning to hired IT guns to provide corporate cybersecurity. According to the survey, 57% use outside advice and consulting; 54% outsource incident response; and 51% employ external firms to monitor security. Not a bad idea in light of the global shortage of cybersecurity talent.

40% of Respondents Taken Offline for More Than Eight Hours
Most of today's small/midmarket businesses understand that the more complex their product and vendor environment is, the greater their responsibilities. For example, 77% of midmarket businesses say they had trouble setting up alerts. Consequently, a mere 54% of these alerts are looked into, leaving 46% beneath the surface, ready to do damage. Not every unattended alert will be damaging, but the ones that are can be catastrophic.

Cisco's Benchmark Study found that in 2018, 40% of respondents at smaller companies (250 to 499 employees) had eight hours or more of downtime attributable to a major security breach. The research suggests the same occurred in the bigger organizations in the study (500 or more employees). The key difference is that larger firms tend to be better off than their smaller counterparts after an attack because they have more resources to devote to response and recovery. Also, 39% of respondents experienced a severe breach in at least half of their systems. Smaller-scale companies are less likely to have many different locations or business departments, and their critical systems are usually more interconnected.

Recovering from a Cyberattack Can Be Difficult and Costly
Twenty-nine percent of midmarket companies say breaches cost them less than $100,000. A further 20% estimate that breaches cost between $1 million and just under $2.5 million, a number that would probably put an unprepared small/midmarket firm out of business for good.

The Better Business Bureau (BBB) did a recent study to show how much smaller businesses can struggle after a major cyberattack. The BBB asked North American small business owners "How long could your business remain profitable if you permanently lost access to essential data?" A mere one-third (35%) replied that they could stay profitable for more than three months. Over half of them said their financial well would run dry in less than a month.

Security Has Reached the Boardroom
The upside is that cybersecurity is now a common topic of boardroom discussion. Ninety-two percent of midmarket businesses now have a senior person in charge of security in one way or another, as noted in Cisco's report. A respectable 42% of them have installed a CISO, and another 24% have hired a chief security officer.

Another positive note is that a solid majority (91%) of midmarket firms test their incident response plans at least once a year by running drills. However, one wonders whether incident response plans are enough of a defense to ward off attackers, who seem to be getting smarter and using more sophisticated technology every day.

To keep pace with the bad guys, small/midmarket businesses must continue to improve their cybersecurity and acknowledge that even smaller changes are better than no changes at all. The online threat landscape is wide-ranging and always changing, and the targets of attack are increasing in number. In response, security technologies and strategies have to evolve the same way.


Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...
Comments
CameronRobertson,
User Rank: Moderator
4/8/2019 | 2:42:20 AM
Due diligence
While the companies are all required to have their own form of protection up, I sure hope that the cloud data storage companies are going to play their part and do what they can to protect all of their customers from being hacked too. I don't think that anybody would be so specifically targeted as opposed to trying to hit on the whole mainframe of the cloud network.
REISEN1955,
User Rank: Ninja
3/26/2019 | 10:51:41 AM
Cryptolocker and restore in hours
Small business can be very small indeed. Before moving to Georgia in 2014, I had my own managed services business - just me and another consultant. One of my clients was a lovely 501C3 museum I had been associated with like forever and they got Cryptolocker at 1:20 am on the executive director's machine. Bounced to the server and everything went up into the air. Everything. When they called in panic, I picked up my dedicated Dell system to their server as off-site backup. Not a drive but a whole computer. Car, drove it down and as it had same name as server, everybody had data access fast. Now the server could then be rebuilt fast and in 3 hours I had all data restored and server running fine. Only lost desktop on Executive director station and I did not know he used a part of the. 98% restore. Now that is a small one, very small, but illustrative of point of this article. SMALL firms are vulnerable unless they have good staff or good consultant staff. (I should have charged more for my restore - well, lesson learned).